Privacy Commanders Act Barometer GDPR: 5 lessons to remember for obtaining consent…
…and a few presumptions you might need to rethink
Expert Opinion by Michaël Froment
Banners, pop-ins, confirmation through clicking or scrolling…how does the way you collect consent influence a user’s decision to give it? How successful are the various opt-in mechanisms being used to comply with the GDPR?
This study was conducted over 14 days, from 6th to 19th August 2018. In total, we analysed the behaviour of 10,450,000 visitors to 16 websites across a variety of industries (finance, media, manufacturing, distribution, travel, energy).
And let’s start with the first surprise: while many websites tended to choose more discrete methods, either as a precaution of through fear of scaring away visitors, the barometer’s results show that they would actually be better off being upfront and transparent.
Lesson #1: Properly evaluate the pros and cons of the collection method
In practice, websites use 3 methods for collecting consent:
- Strict consent
This involves a direct expression of consent – typically a click on an ‘accept’ button.
- Soft consent
This is where the consent is given when the user explores the website further i.e. views a second page.
- Super-soft consent
Consent is given when the user scrolls down the page the first page they view. This method complies with one possible interpretation of the GDPR and is currently accepted by the regulatory authorities until clarification from the ePrivacy directive.
Unsurprisingly, conversion rates for strict consent are lower (28%) than the two others: 69% for soft consent and 78% for super-soft.
Given how small the difference between these two is, it begs the question: why choose the super soft method and thus a ‘tolerated’ interpretation of the regulation? Especially since soft consent results in 39% of visitors giving their direct consent (by clicking on an ‘accept’ button) compared to only 10% with super soft.
Lesson #2: Make the first impression count – cause it does
No considering strict consent, here are the 4 other lessons from the study.
A user reads the consent text on average 1.8 times before making a decision. This figure remains the same regardless of the final decision (opt-in or opt-out) and the consent mechanism used (strict, soft or super soft). In other words, the user makes their choice after seeing the consent banner or pop-in for the first time.
Lesson #3: For consent banners, bigger is better
The average opt-in rate is 65%, but it varies. The main factor behind the differences between desktop, mobile and tablet is the size of the consent banner – which is mechanically more imposing on mobiles and tablets. The result is that of the devices that display consent banners, 37% are desktops, 51% are mobiles and 12% are tablets. Opt-in rates for these devices reach 56%, 59% and 76% respectively.
In general, one surprising conclusion from this barometer is that secrecy doesn’t pay off. Instead of fleeting banners whose background colour blends into the website, it’s better to choose contrasting blocks with an easy-to-read font.
Lesson #4: Don’t hide your content
The correlation between consent banner size and opt-in rate obviously has its limits: when the content of the site is no longer visible, either around or behind the banner, users tend to stop browsing rather than give their consent. This occurs in particular when the banner looks like a pop-in which obscures the whole background i.e. the website content.
Lesson #5: Take into consideration your visitors’ and industry’s practices
Each sector has its preferred method for collecting consent. While finance and energy companies prefer strict consent, and thus a tight interpretation of the GPDR, media and travel sites emphasise optimisation by using a super-soft method. These preferences can be explained by each party’s individual needs (for media, opt-ins partly influence advertising revenue) but are not set in stone.
Changes in the regulations (the ePrivacy text is still being written), technology (browsers) and, obviously, user behaviour could mean such choices may have to be reviewed in the upcoming months.
About Commanders Act
Commanders Act is a European company founded in 2010 under the name TagCommander. The integrated, IAB- and ePrivacy-certified customer data and consent management platform helps companies to optimise the work of their online teams in a data-driven manner that is compliant with the GDPR. The various components of Commanders Act’s CDP (TagCommander, DataCommander, MixCommander and FuseCommander) make it easier to maintain control over data for customers and prospective customers within your organisation and to collect and activate data across channels. With a comprehensive, efficient and resource-saving approach, Commanders Act enables its customers to accelerate their digital transformation. Optimised data management not only enhances a team’s agility and the implementation speed of a campaign – it also improves the user’s experience and maximises ROI based on multi-channel customer value across channels. Commanders Act currently looks after over 450 customers around the world.